iwd/src/mpdu.c

/*
 *
 *  Wireless daemon for Linux
 *
 *  Copyright (C) 2014  Intel Corporation. All rights reserved.
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; either
 *  version 2.1 of the License, or (at your option) any later version.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 *
 */

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <ell/ell.h>

#include "ie.h"
#include "mpdu.h"

static bool validate_mgmt_header(const struct mpdu *mpdu, int len, int *offset)
{
	/* Duration + Address1 + Address 2 + Address 3 + SeqCntrl */
	if (len < *offset + 22)
		return false;

	*offset += 22;

	if (!mpdu->fc.order)
		return true;

	if (len < *offset + 4)
		return false;

	*offset += 4;

	return true;
}

static bool validate_atim_mgmt_mpdu(const struct mpdu *mpdu,
					int len, int *offset)
{
	return *offset == len;
}

static bool validate_disassociation_mgmt_mpdu(const struct mpdu *mpdu,
						int len, int *offset)
{
	*offset += 2;
	return *offset <= len;
}

static bool validate_authentication_mgmt_mpdu(const struct mpdu *mpdu,
						int len, int *offset)
{
	if (len < *offset + 6)
		return false;

	*offset += 6;

	switch (mpdu->auth.algorithm) {
	case MPDU_AUTH_ALGO_OPEN_SYSTEM:
		return *offset <= len;
	case MPDU_AUTH_ALGO_SHARED_KEY:
		if (mpdu->auth.transaction_sequence < 2 ||
				mpdu->auth.transaction_sequence > 3)
			return *offset == len;

		if (len < *offset + 2)
			return false;

		*offset += 2;

		if (mpdu->auth.shared_key_23.element_id !=
				IE_TYPE_CHALLENGE_TEXT)
			return false;

		*offset += mpdu->auth.shared_key_23.challenge_text_len;
		return *offset <= len;
	default:
		return false;
	}

	return false;
}

static bool validate_deauthentication_mgmt_mpdu(const struct mpdu *mpdu,
						int len, int *offset)
{
	*offset += 2;
	return *offset <= len;
}

static bool validate_mgmt_mpdu(const struct mpdu *mpdu, int len, int *offset)
{
	if (!validate_mgmt_header(mpdu, len, offset))
		return false;

	switch (mpdu->fc.subtype) {
	case MPDU_MANAGEMENT_SUBTYPE_ATIM:
		return validate_atim_mgmt_mpdu(mpdu, len, offset);
	case MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION:
		return validate_disassociation_mgmt_mpdu(mpdu, len, offset);
	case MPDU_MANAGEMENT_SUBTYPE_AUTHENTICATION:
		return validate_authentication_mgmt_mpdu(mpdu, len, offset);
	case MPDU_MANAGEMENT_SUBTYPE_DEAUTHENTICATION:
		return validate_deauthentication_mgmt_mpdu(mpdu, len, offset);
	default:
		return false;
	}

	return true;
}

bool mpdu_validate(const unsigned char *frame, int len)
{
	struct mpdu *mpdu;
	int offset;

	if (!frame)
		return false;

	if (len < 2)
		return false;

	offset = 2;
	mpdu = (struct mpdu *) frame;

	switch (mpdu->fc.type) {
	case MPDU_TYPE_MANAGEMENT:
		return validate_mgmt_mpdu(mpdu, len, &offset);
	default:
		return false;
	}

	return true;
}
core: Add the preliminary logic to parse 802.11 MPDUs It currently focuses on parsing management frames, and specifically its authentication and deauthentication frames. 2014-12-12 11:17:43 +01:00			`/*`
			`*`
			`* Wireless daemon for Linux`
			`*`
			`* Copyright (C) 2014 Intel Corporation. All rights reserved.`
			`*`
			`* This library is free software; you can redistribute it and/or`
			`* modify it under the terms of the GNU Lesser General Public`
			`* License as published by the Free Software Foundation; either`
			`* version 2.1 of the License, or (at your option) any later version.`
			`*`
			`* This library is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU`
			`* Lesser General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Lesser General Public`
			`* License along with this library; if not, write to the Free Software`
			`* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA`
			`*`
			`*/`

			`#ifdef HAVE_CONFIG_H`
			`#include <config.h>`
			`#endif`

			`#include <ell/ell.h>`

mpdu: Rework to a zero-copy based framework 2014-12-18 00:44:44 +01:00			`#include "ie.h"`
core: Add the preliminary logic to parse 802.11 MPDUs It currently focuses on parsing management frames, and specifically its authentication and deauthentication frames. 2014-12-12 11:17:43 +01:00			`#include "mpdu.h"`

mpdu: Rework to a zero-copy based framework 2014-12-18 00:44:44 +01:00			`static bool validate_mgmt_header(const struct mpdu mpdu, int len, int offset)`
mpdu: Rework structure definitions The current setup was not endian safe 2014-12-17 23:22:06 +01:00			`{`
mpdu: Rework to a zero-copy based framework 2014-12-18 00:44:44 +01:00			`/* Duration + Address1 + Address 2 + Address 3 + SeqCntrl */`
			`if (len < *offset + 22)`
core: Add the preliminary logic to parse 802.11 MPDUs It currently focuses on parsing management frames, and specifically its authentication and deauthentication frames. 2014-12-12 11:17:43 +01:00			`return false;`

mpdu: Rework to a zero-copy based framework 2014-12-18 00:44:44 +01:00			`*offset += 22;`
core: Add the preliminary logic to parse 802.11 MPDUs It currently focuses on parsing management frames, and specifically its authentication and deauthentication frames. 2014-12-12 11:17:43 +01:00
mpdu: Rework to a zero-copy based framework 2014-12-18 00:44:44 +01:00			`if (!mpdu->fc.order)`
			`return true;`
core: Add the preliminary logic to parse 802.11 MPDUs It currently focuses on parsing management frames, and specifically its authentication and deauthentication frames. 2014-12-12 11:17:43 +01:00
mpdu: Rework to a zero-copy based framework 2014-12-18 00:44:44 +01:00			`if (len < *offset + 4)`
core: Add the preliminary logic to parse 802.11 MPDUs It currently focuses on parsing management frames, and specifically its authentication and deauthentication frames. 2014-12-12 11:17:43 +01:00			`return false;`

mpdu: Rework to a zero-copy based framework 2014-12-18 00:44:44 +01:00			`*offset += 4;`
core: Add the preliminary logic to parse 802.11 MPDUs It currently focuses on parsing management frames, and specifically its authentication and deauthentication frames. 2014-12-12 11:17:43 +01:00
			`return true;`
			`}`

mpdu: Validate ATIM mpdu subtype ATIM management frames have an empty body. 2015-01-21 12:36:39 +01:00			`static bool validate_atim_mgmt_mpdu(const struct mpdu *mpdu,`
			`int len, int *offset)`
			`{`
			`return *offset == len;`
			`}`

mpdu: Validate disassociation mpdu subtype These own a reason code which is currently the only interesting information to handle. Let's skip the vendor specific ones for now. 2015-01-21 12:36:40 +01:00			`static bool validate_disassociation_mgmt_mpdu(const struct mpdu *mpdu,`
			`int len, int *offset)`
			`{`
			`*offset += 2;`
			`return *offset <= len;`
			`}`

mpdu: Rework to a zero-copy based framework 2014-12-18 00:44:44 +01:00			`static bool validate_authentication_mgmt_mpdu(const struct mpdu *mpdu,`
			`int len, int *offset)`
core: Add the preliminary logic to parse 802.11 MPDUs It currently focuses on parsing management frames, and specifically its authentication and deauthentication frames. 2014-12-12 11:17:43 +01:00			`{`
mpdu: Rework to a zero-copy based framework 2014-12-18 00:44:44 +01:00			`if (len < *offset + 6)`
core: Add the preliminary logic to parse 802.11 MPDUs It currently focuses on parsing management frames, and specifically its authentication and deauthentication frames. 2014-12-12 11:17:43 +01:00			`return false;`

mpdu: Update offset for authentication frames Offset was not updated properly when validating authentication frames 2015-01-21 21:24:24 +01:00			`*offset += 6;`

mpdu: Rework to a zero-copy based framework 2014-12-18 00:44:44 +01:00			`switch (mpdu->auth.algorithm) {`
			`case MPDU_AUTH_ALGO_OPEN_SYSTEM:`
			`return *offset <= len;`
			`case MPDU_AUTH_ALGO_SHARED_KEY:`
			`if (mpdu->auth.transaction_sequence < 2 \|\|`
			`mpdu->auth.transaction_sequence > 3)`
			`return *offset == len;`
core: Add the preliminary logic to parse 802.11 MPDUs It currently focuses on parsing management frames, and specifically its authentication and deauthentication frames. 2014-12-12 11:17:43 +01:00
mpdu: Rework to a zero-copy based framework 2014-12-18 00:44:44 +01:00			`if (len < *offset + 2)`
			`return false;`
core: Add the preliminary logic to parse 802.11 MPDUs It currently focuses on parsing management frames, and specifically its authentication and deauthentication frames. 2014-12-12 11:17:43 +01:00
mpdu: Rework to a zero-copy based framework 2014-12-18 00:44:44 +01:00			`*offset += 2;`
core: Add the preliminary logic to parse 802.11 MPDUs It currently focuses on parsing management frames, and specifically its authentication and deauthentication frames. 2014-12-12 11:17:43 +01:00
mpdu: Rework to a zero-copy based framework 2014-12-18 00:44:44 +01:00			`if (mpdu->auth.shared_key_23.element_id !=`
			`IE_TYPE_CHALLENGE_TEXT)`
core: Add the preliminary logic to parse 802.11 MPDUs It currently focuses on parsing management frames, and specifically its authentication and deauthentication frames. 2014-12-12 11:17:43 +01:00			`return false;`

mpdu: Rework to a zero-copy based framework 2014-12-18 00:44:44 +01:00			`*offset += mpdu->auth.shared_key_23.challenge_text_len;`
			`return *offset <= len;`
			`default:`
			`return false;`
core: Add the preliminary logic to parse 802.11 MPDUs It currently focuses on parsing management frames, and specifically its authentication and deauthentication frames. 2014-12-12 11:17:43 +01:00			`}`

mpdu: Rework to a zero-copy based framework 2014-12-18 00:44:44 +01:00			`return false;`
core: Add the preliminary logic to parse 802.11 MPDUs It currently focuses on parsing management frames, and specifically its authentication and deauthentication frames. 2014-12-12 11:17:43 +01:00			`}`

mpdu: Rework to a zero-copy based framework 2014-12-18 00:44:44 +01:00			`static bool validate_deauthentication_mgmt_mpdu(const struct mpdu *mpdu,`
			`int len, int *offset)`
core: Add the preliminary logic to parse 802.11 MPDUs It currently focuses on parsing management frames, and specifically its authentication and deauthentication frames. 2014-12-12 11:17:43 +01:00			`{`
mpdu: Rework to a zero-copy based framework 2014-12-18 00:44:44 +01:00			`*offset += 2;`
			`return *offset <= len;`
core: Add the preliminary logic to parse 802.11 MPDUs It currently focuses on parsing management frames, and specifically its authentication and deauthentication frames. 2014-12-12 11:17:43 +01:00			`}`

mpdu: Rework to a zero-copy based framework 2014-12-18 00:44:44 +01:00			`static bool validate_mgmt_mpdu(const struct mpdu mpdu, int len, int offset)`
core: Add the preliminary logic to parse 802.11 MPDUs It currently focuses on parsing management frames, and specifically its authentication and deauthentication frames. 2014-12-12 11:17:43 +01:00			`{`
mpdu: Rework to a zero-copy based framework 2014-12-18 00:44:44 +01:00			`if (!validate_mgmt_header(mpdu, len, offset))`
core: Add the preliminary logic to parse 802.11 MPDUs It currently focuses on parsing management frames, and specifically its authentication and deauthentication frames. 2014-12-12 11:17:43 +01:00			`return false;`

mpdu: Rework to a zero-copy based framework 2014-12-18 00:44:44 +01:00			`switch (mpdu->fc.subtype) {`
mpdu: Validate ATIM mpdu subtype ATIM management frames have an empty body. 2015-01-21 12:36:39 +01:00			`case MPDU_MANAGEMENT_SUBTYPE_ATIM:`
			`return validate_atim_mgmt_mpdu(mpdu, len, offset);`
mpdu: Validate disassociation mpdu subtype These own a reason code which is currently the only interesting information to handle. Let's skip the vendor specific ones for now. 2015-01-21 12:36:40 +01:00			`case MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION:`
			`return validate_disassociation_mgmt_mpdu(mpdu, len, offset);`
mpdu: Rework structure definitions The current setup was not endian safe 2014-12-17 23:22:06 +01:00			`case MPDU_MANAGEMENT_SUBTYPE_AUTHENTICATION:`
mpdu: Rework to a zero-copy based framework 2014-12-18 00:44:44 +01:00			`return validate_authentication_mgmt_mpdu(mpdu, len, offset);`
mpdu: Rework structure definitions The current setup was not endian safe 2014-12-17 23:22:06 +01:00			`case MPDU_MANAGEMENT_SUBTYPE_DEAUTHENTICATION:`
mpdu: Rework to a zero-copy based framework 2014-12-18 00:44:44 +01:00			`return validate_deauthentication_mgmt_mpdu(mpdu, len, offset);`
core: Add the preliminary logic to parse 802.11 MPDUs It currently focuses on parsing management frames, and specifically its authentication and deauthentication frames. 2014-12-12 11:17:43 +01:00			`default:`
			`return false;`
			`}`

			`return true;`
			`}`

mpdu: Rework to a zero-copy based framework 2014-12-18 00:44:44 +01:00			`bool mpdu_validate(const unsigned char *frame, int len)`
core: Add the preliminary logic to parse 802.11 MPDUs It currently focuses on parsing management frames, and specifically its authentication and deauthentication frames. 2014-12-12 11:17:43 +01:00			`{`
mpdu: Rework to a zero-copy based framework 2014-12-18 00:44:44 +01:00			`struct mpdu *mpdu;`
mpdu: Rework structure definitions The current setup was not endian safe 2014-12-17 23:22:06 +01:00			`int offset;`
core: Add the preliminary logic to parse 802.11 MPDUs It currently focuses on parsing management frames, and specifically its authentication and deauthentication frames. 2014-12-12 11:17:43 +01:00
mpdu: Rework to a zero-copy based framework 2014-12-18 00:44:44 +01:00			`if (!frame)`
core: Add the preliminary logic to parse 802.11 MPDUs It currently focuses on parsing management frames, and specifically its authentication and deauthentication frames. 2014-12-12 11:17:43 +01:00			`return false;`

mpdu: Rework structure definitions The current setup was not endian safe 2014-12-17 23:22:06 +01:00			`if (len < 2)`
core: Add the preliminary logic to parse 802.11 MPDUs It currently focuses on parsing management frames, and specifically its authentication and deauthentication frames. 2014-12-12 11:17:43 +01:00			`return false;`

mpdu: Rework structure definitions The current setup was not endian safe 2014-12-17 23:22:06 +01:00			`offset = 2;`
mpdu: Rework to a zero-copy based framework 2014-12-18 00:44:44 +01:00			`mpdu = (struct mpdu *) frame;`
mpdu: Rework structure definitions The current setup was not endian safe 2014-12-17 23:22:06 +01:00
mpdu: Rework to a zero-copy based framework 2014-12-18 00:44:44 +01:00			`switch (mpdu->fc.type) {`
core: Add the preliminary logic to parse 802.11 MPDUs It currently focuses on parsing management frames, and specifically its authentication and deauthentication frames. 2014-12-12 11:17:43 +01:00			`case MPDU_TYPE_MANAGEMENT:`
mpdu: Rework to a zero-copy based framework 2014-12-18 00:44:44 +01:00			`return validate_mgmt_mpdu(mpdu, len, &offset);`
core: Add the preliminary logic to parse 802.11 MPDUs It currently focuses on parsing management frames, and specifically its authentication and deauthentication frames. 2014-12-12 11:17:43 +01:00			`default:`
			`return false;`
			`}`

			`return true;`
			`}`